MiniMax

Security checks across malware telemetry and agentic risk

Overview

This is a MiniMax workflow guide that discloses API key use, remote MiniMax calls, optional local notes, and consent checks for media, MCP, and paid jobs.

Install this if you intend to use MiniMax workflows. Use a scoped MiniMax API key where possible, review prompts and media before upload, approve paid or long-running jobs explicitly, and only enable ~/minimax/ memory or remote MCP hosts after their scope is clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 92%
Finding
The activation guidance is overly broad because it suggests triggering on a wide range of loosely related terms and encourages proactive jump-in behavior. In an agent setting, this can cause unintended invocation in conversations that merely mention MiniMax-related concepts, increasing the chance of context bleed, unnecessary access to sensitive workflow details, or the agent taking actions outside the user's intent.

VirusTotal

66/66 vendors flagged this skill as clean.
